COS 318: Operating Systems

Similar documents
Storage and File Hierarchy

Storage and File System

COS 318: Operating Systems. File Systems. Topics. Evolved Data Center Storage Hierarchy. Traditional Data Center Storage Hierarchy

COS 318: Operating Systems. Journaling, NFS and WAFL

Topics. " Start using a write-ahead log on disk " Log all updates Commit

Veeam Cloud Connect. Version 8.0. Administrator Guide

Segmentation with Paging. Review. Segmentation with Page (MULTICS) Segmentation with Page (MULTICS) Segmentation with Page (MULTICS)

Computer Systems Laboratory Sungkyunkwan University

(a) Which of these two conditions (high or low) is considered more serious? Justify your answer.

File System Internals. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

File System Internals. Jo, Heeseung

Last Class: Memory management. Per-process Replacement

IBM Spectrum Protect Version Introduction to Data Protection Solutions IBM

Filesystem. Disclaimer: some slides are adopted from book authors slides with permission 1

File Layout and Directories

File System Internals. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

ESE 333 Real-Time Operating Systems 163 Review Deadlocks (Cont.) ffl Methods for handling deadlocks 3. Deadlock prevention Negating one of four condit

IBM Tivoli Storage Manager Version Introduction to Data Protection Solutions IBM

SMD149 - Operating Systems - File systems

Preview. COSC350 System Software, Fall

CS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring Lecture 18: Naming, Directories, and File Caching

COS 318: Operating Systems. NSF, Snapshot, Dedup and Review

CS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring Lecture 18: Naming, Directories, and File Caching

Chapter 11: File System Implementation. Objectives

Windows. Not just for houses

Announcements/Reminders

Administrative Details. CS 140 Final Review Session. Pre-Midterm. Plan For Today. Disks + I/O. Pre-Midterm, cont.

Evaluating Cloud Storage Strategies. James Bottomley; CTO, Server Virtualization

Operating Systems. Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring Paul Krzyzanowski. Rutgers University.

CS 416: Operating Systems Design April 22, 2015

CS4500/5500 Operating Systems File Systems and Implementations

ELEC 377 Operating Systems. Week 1 Class 2

Distributed File Systems

File System. Preview. File Name. File Structure. File Types. File Structure. Three essential requirements for long term information storage

Topics. Operating System I. What is an Operating System? Let s Get Started! What is an Operating System? OS History.

File Systems Management and Examples

FILE SYSTEMS. CS124 Operating Systems Winter , Lecture 23

What is a file system

Monitoring and Reporting for an ONTAP Account

An Introduction to GPFS

COMP091 Operating Systems 1. File Systems

CIS 21 Final Study Guide. Final covers ch. 1-20, except for 17. Need to know:

OPERATING SYSTEMS CS136

Backup and archiving need not to create headaches new pain relievers are around

Topics. Operating System. What is an Operating System? Let s Get Started! What is an Operating System? Where in the Book are we?

File Systems. What do we need to know?

File systems: management 1

File System Implementation. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Processes and Threads

CS3600 SYSTEMS AND NETWORKS

CloudTurbine Security White Paper

Distributed File Systems II

Kevin Russell ExaGrid Systems. Platinum sponsors:

CSE325 Principles of Operating Systems. File Systems. David P. Duggan. March 21, 2013

File Systems. CSE 2431: Introduction to Operating Systems Reading: Chap. 11, , 18.7, [OSC]

CS 471 Operating Systems. Yue Cheng. George Mason University Fall 2017

Operating Systems, Fall

HP Designing and Implementing HP Enterprise Backup Solutions. Download Full Version :

CS3600 SYSTEMS AND NETWORKS

Today: File System Functionality. File System Abstraction

Windows. Not just for houses

Advanced Operating Systems

Topics. File Buffer Cache for Performance. What to Cache? COS 318: Operating Systems. File Performance and Reliability

Keys and Passwords. Steven M. Bellovin October 17,

COS 318: Operating Systems. Virtual Memory and Address Translation

Chapter 11: Implementing File Systems

Typical File Extensions File Structure

File System Case Studies. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

CS140 Operating Systems and Systems Programming Final Exam

File System Implementation

Chapter 10: Mass-Storage Systems

CIS Operating Systems File Systems. Professor Qiang Zeng Fall 2017

Chapter 10: Mass-Storage Systems. Operating System Concepts 9 th Edition

CIS Operating Systems File Systems. Professor Qiang Zeng Spring 2018

<Insert Picture Here> Filesystem Features and Performance

A GPFS Primer October 2005

HP-UX System Administration

Long-term Information Storage Must store large amounts of data Information stored must survive the termination of the process using it Multiple proces

Files & I/O. Today. Comp 104: Operating Systems Concepts. Operating System An Abstract View. Files and Filestore Allocation

Cluster Management Workflows for OnCommand System Manager

CS720 - Operating Systems

Filesystem. Disclaimer: some slides are adopted from book authors slides with permission 1

OPERATING SYSTEM. Chapter 12: File System Implementation

File systems CS 241. May 2, University of Illinois

File Systems. CS 4410 Operating Systems

Chapter 11: File-System Interface

EMC Data Domain for Archiving Are You Kidding?

Rio-2 Hybrid Backup Server

16 Sharing Main Memory Segmentation and Paging

Chapter 11: Implementing File-Systems

File System Interface. ICS332 Operating Systems

Virtual File System. Don Porter CSE 306

Replication, History, and Grafting in the Ori File System Ali José Mashtizadeh, Andrea Bittau, Yifeng Frank Huang, David Mazières Stanford University

Motivation. Operating Systems. File Systems. Outline. Files: The User s Point of View. File System Concepts. Solution? Files!

Outlook. File-System Interface Allocation-Methods Free Space Management

File Systems: Fundamentals

Backup Solution Testing on UCS B and C Series Servers for Small-Medium Range Customers (Disk to Tape) Acronis Backup Advanced Suite 11.

IOPStor: Storage Made Easy. Key Business Features. Key Business Solutions. IOPStor IOP5BI50T Network Attached Storage (NAS) Page 1 of 5

BackUp Strategies. ApplePickers April 12, 2017

Chapter 12: File System Implementation

Transcription:

COS 318: Operating Systems File Systems: Abstractions and Protection Jaswinder Pal Singh Computer Science Department Princeton University (http://www.cs.princeton.edu/courses/cos318/)

Topics What s behind the file system: Storage hierarchy File system abstraction File system protection 3

Traditional Data Center Storage Hierarchy Clients LAN Server SAN Storage WAN Remote mirror Onsite Backup Storage Offsite backup 4

Evolved Data Center Storage Hierarchy Clients LAN Network Attached Storage (NAS) w/ snapshots to protect data WAN Remote mirror Onsite Backup Storage Offsite backup 5

Alternative with no Tape Clients LAN Network Attached Storage (NAS) w/ snapshots to protect data WAN Remote mirror Onsite Backup Deduplication Capacity and bandwidth optimization WAN Remote Backup 6

Public Cloud Storage Hierarchy WAN WAN Interfaces Clients Geo-plex Examples: Google GFS, Spanner, Apple icloud, Amazon S3, Dropbox, Mozy, etc 7

Topics What s behind the file system: Storage hierarchy File system abstraction File system protection 3

Revisit File System Abstractions Network file system! Map to local file systems! Exposes file system API! NFS, CIFS, etc Local file system! Implement file system abstraction on block storage! Exposes file system API Volume manager! Logical volumes of block storage! Map to physical storage! RAID and reconstruction! Exposes block API Physical storage! Previous lectures Network File System Local File System Volume Manager Physical storage 8

Volume Manager Group multiple storage partitions into a logical volume! Grow or shrink without affecting existing data! Virtualization of capacity and performance Reliable block storage! Include RAID, tolerating device failures! Provide error detection at block level Remote abstraction! Block storage in the cloud! Remote volumes for disaster recovery! Remote mirrors can be split or merged for backups How to implement?! OS kernel: Windows, OSX, Linux, etc.! Storage subsystem: EMC, Hitachi, HP, IBM, NetApp 9

File versus Block Abstractions File abstraction Byte oriented Named files Users protected from each other Robust to machine failures Disk/Volume abstraction Block oriented Block numbers No protection among users of the system Data might be corrupted if machine crashes Emulate block storage interface Support file systems, database systems, etc. 10

File Abstraction: File Structures Byte sequence! Read or write N bytes! Unstructured or linear Record sequence! Fixed or variable length! Read or write a number of records Tree! Records with keys! Read, insert, delete a record (typically using B-tree) 11

File Abstraction: File Types ASCII Binary data! Record! Tree! An Unix executable file header: magic number, sizes, entry point, flags text data relocation bits symbol table Devices Everything else in the system 12

File Abstraction: File Operations Operations for sequence of bytes files! Create: create a file (mapping from a name to a file)! Delete: delete a file! Open: authentication! Close: done with accessing a file! Seek: jump to a particular location in a file! Read: read some bytes from a file! Write: write some bytes to a file! A few more operations on directories: later Implementation challenges! Keep disk accesses low! Keep space overhead low 13

File Access Patterns Sequential (the common pattern)! File data processed sequentially! Example: Editor writes out a file Random access! Access a block in file directly! Example: Read a message in an inbox file Keyed access! Search for a record with particular values! Usually not provided by today s file systems! Examples: Database search and indexing 14

File System vs. Virtual Memory Similarity! Location transparency! Size "obliviousness"! Protection File system is easier than VM in some ways! File system mappings can be slow! Files are dense and mostly sequential, while page tables deal with sparse address spaces and random accesses File system is more difficult than VM in some ways! Each layer of translation causes potential I/Os! Memory space for caching is never enough! File size range vary: many < 10k, some > GB! Implementation must be reliable 16

VM Page Table vs. File System Metadata Page table Manage the mappings of an address space Map virtual page # to physical page # Check access permission and illegal addressing TLB does it all in one cycle File metadata Manage the mappings of files Map byte offset to disk block address Check access permission and illegal addressing Implemented in software, may cause I/Os 15

Topics What s behind the file system: Storage hierarchy File system abstraction File system protection 3

Protection: Policy vs. Mechanism Policy is about what Mechanism is about how A protection system is the mechanism to enforce a security policy! Same set of choices, no matter what policies A security policy defines acceptable and unacceptable behaviors. Examples: A given user can only allocate 4GB of disk storage No one but root can write to the password file A user is not allowed to read others mail files 17

Protection Mechanisms Authentication! Identity check Unix: password Credit card: last 4 digits of credit card # + SSN + zipcode Airport: driver s license or passport Authorization! Determine if x is allowed to do y! Need a simple database Access enforcement! Enforce authorization decision! Must make sure there are no loopholes 18

Authentication Usually done with passwords! Relatively weak, because you must remember them Passwords are stored in an encrypted form! Use a secure hash (one way only) Issues! Passwords should be obscure, to prevent dictionary attacks! Each user has many passwords Alternatives? 19

Protection Domain Once identity known, provides rules! E.g. what is Bob allowed to do? Protection matrix: domains vs. resources File A Printer B File C Domain 1 R W RW Domain 2 RW W Domain 3 R RW 20

By Columns: Access Control Lists (ACLs) Each object has a list of <user, privilege> pairs ACL is simple, implemented in most systems! Owner, group, world Implementation considerations! Stores ACLs in each file! Use login authentication to identify! Kernel implements ACLs Any issues? 21

By Rows: Capabilities For each user, there is a capability list! A lists of <object, privilege> pairs Capabilities provide both naming and protection! Can only see an object if you have a capability Implementation considerations! Architecture support! Capabilities stored in the kernel! Capabilities stored in the user space in encrypted format Issues? 22

Access Enforcement Use a trusted party to! Enforce access controls! Protect authorization information Kernel is the trusted party! This part of the system can do anything it wants! If there is a bug, the entire system could be destroyed! Want it to be as small & simple as possible Security is only as strong as the weakest link in the protection system 23

Some Easy Attacks Abuse of valid privilege! On Unix, super-user can do anything Read your mail, send mail in your name, etc.! If you delete the code for COS318 project 5, your partner is not happy Spoiler/Denial of service (DoS)! Use up all resources and make system crash! Run shell script to: while(1) { mkdir foo; cd foo; } Listener! Passively watch network traffic 24

No Perfect Protection System Cannot prevent bad things, can only make it difficult to do them There are always ways to defeat protection! burglary, bribery, blackmail, bludgeoning, etc. Every system has holes 25

Summary Storage hierarchy can be complex! Reliability, security, performance and cost! Many things are hidden Key storage layers above hardware! Volume or block storage! Local file system! Network file system Protection! ACL is the default in file systems! More protection is needed in the cloud 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback